JP3978964B2 - Security management system - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a security management method in which security measures are taken when a portable data storage medium is accessed by a portable terminal device, and a program recording medium thereof.
[0002]
[Prior art]
In recent years, portable storage media such as compact disks and memory cards have been increased in capacity and size, and various databases can be freely carried by storing a large amount of databases in a portable storage medium. It has become to. Here, when a salesperson brings a mobile terminal device and conducts daily sales activities, the mobile terminal device has a small capacity of its built-in memory. It is stored in a portable storage medium. Then, the sales staff attaches a portable storage medium to the terminal body, accesses the stored contents on the go, displays and outputs the data, and updates the data. In this case, as a security measure when the portable storage medium is accessed by the portable terminal device, the terminal terminal is authenticated by the entered password.
[0003]
[Problems to be solved by the invention]
By the way, in the case of a portable terminal device as a personal dedicated machine, there are increasing cases of using temporary employees, part-time workers, and part-time workers in addition to regular employees. In addition, the portable terminal device has a risk that the portable storage medium or the portable terminal device itself may be lost or stolen when the portable terminal device is used while being carried away. Therefore, when important confidential company information or personal information is stored in a portable storage medium or the built-in memory of the terminal, the important information may be leaked to others due to loss, theft, or malicious intent. It was extremely expensive.
In other words, in the past, because the mobile terminal device is mainly used on the go, the operation environment such as simplification of operation and quickness is emphasized rather than strict security management that complicates the input operation. Therefore, security measures against loss or theft of portable storage media and portable terminal devices and security measures against malicious intent by temporary staff, parts, etc. are not sufficient, and if you know the user password or by accidental hit of the password Anyone can easily access data in a portable terminal or a storage medium from any personal computer, and the risk of leakage of important information to others is extremely high. In addition, having a mechanism for arbitrarily taking security measures according to user settings on the mobile terminal device itself includes a risk that a third party can easily change the setting part. Therefore, the mechanism itself becomes a factor that impairs safety.
An object of the present invention is to collectively perform association setting between a portable data storage medium and a portable terminal device that can access the portable data storage medium and association setting between the data storage medium and a user who can use the data storage medium. It is possible to perform the setting work efficiently, and the mobile terminal device itself does not have a mechanism for taking security measures for the data storage medium. By taking thorough security measures to ensure that legitimate users can be checked, it is possible to reliably prevent unauthorized access by legitimate terminals and third parties other than operators. .
[0004]
[Means for Solving the Problems]
The security management system of the present invention is a security management system comprising a portable terminal device and a server device that writes and distributes a data file on a portable data storage medium used by the portable terminal device,
Server device, a hard identification information setting means for setting a hard identification information that associates a previously data storage medium and the portable terminal device in the server apparatus, the advance data storage medium and authentication information for associating the user who can utilize this server Authentication information setting means set in the apparatus, and writing means for writing the hardware identification information and the authentication information associated with the data storage medium to the data storage medium when writing the data file to the data storage medium Have
When the mobile terminal device accesses the data storage medium, the mobile terminal device reads the hardware identification information stored in the data storage medium, and the mobile terminal device is permitted to access the data storage medium based on the hardware identification information. If the operator is a valid mobile terminal device that is permitted to access the data storage medium, the operator checks whether the operator is a valid user indicated by the authentication information in the data storage medium. And means for permitting access to a data file in the data storage medium when the user is a valid user.
[0005]
DETAILED DESCRIPTION OF THE INVENTION
An embodiment of the present invention will be described below with reference to FIGS.
FIG. 1 is a block diagram showing the overall configuration of the security management system in this embodiment.
This security management system is set in, for example, a server device 1 installed on the company side in a company organization, a mobile client terminal (mobile terminal device) 2 brought by each sales representative, and the mobile terminal device 2 And a portable storage medium 3 to be used. Then, application software / databases and the like that are stored and managed on the server device 1 side are externally provided to the portable terminal device 2 via a portable storage medium 3 that can be carried around. When the information is written and distributed to the terminal device, the server device 1 sets information for associating the terminal with the storage medium, or takes various security measures, so that application software / database, etc. in the storage medium 3 Is securely prevented from being illegally copied or leaked by a third party.
[0006]
Each salesperson conducts business activities while accessing the application software / database in the portable storage medium 3 on the go, and then pulls out the portable storage medium 3 from the terminal body at the end of the business day. When it is set in the card reader / writer 4 on the server device 1 side, the server device 1 collects business records in the storage medium 3 via the card reader / writer 4.
The server device 1 and the plurality of portable terminal devices 2 can be detachably connected via the serial cable 5.
[0007]
The portable storage medium 3 stores application software for various business processes, a database, and the like, and is composed of, for example, a compact flash card. Hereinafter, the portable storage medium 3 is referred to as a database card (DB card). Here, “#A”, “#B”, “#C”,... Attached to each DB card 3 are indicated by terminal names “A”, “B”, “C”,. It shows that the card is a terminal-compatible card associated with the mobile terminal device 2. In this embodiment, in addition to the terminal-compatible card, there is a terminal group-compatible card, which will be described later, but in the example of FIG. 1, only the terminal-compatible card is shown. The card reader / writer 4 can set a plurality of DB cards 3 simultaneously and has a plurality of card insertion openings.
Then, the server device 1 distributes application software / database files (AP software / DB files) to the mobile terminal device 2 via the DB card 3. That is, the server device 1 calls the writing target to be written to the DB card 3, that is, the distribution target AP software / DB file, gives it to the card reader / writer 4, and applies it to one or more DB cards 3 set therein. Write AP software / DB file.
[0008]
2 shows, for example, a terminal group associated with the business groups “Sales Section 1”, “Sales Section 2”, “Project A”, “Project B”,... And a DB card 3 corresponding to this terminal group. In addition to showing the relationship, the correspondence between the terminal and the user is shown. That is, in the figure, each DB card 3 indicated by “# A1”, “# A2”, “# A3” belongs to each mobile terminal device 2 whose terminal names are “A1”, “A2”, “A3”. Similarly, each of the DB cards 3 indicated by “# B1”, “# B2”,... Is a portable medium having terminal names “B1”, “B2”,. It is a storage medium corresponding to the terminal group B to which the device 2 belongs, and each DB card 3 in the same group can be used in common by each mobile terminal device 2 belonging to the group.
[0009]
In addition, the number of users who have the authority to use a certain mobile terminal is not limited to one, but a plurality of users can share and use one mobile terminal device. It has the authority to use the mobile terminal device. For example, in the terminal group A, a correspondence relationship between the mobile terminal device indicated by the terminal name “A1” and the users “UA1” to “UA4” is defined, and the mobile terminal device indicated by the terminal name “A2” Correspondence relationships with the users “UA1” to “UA3” are defined, and it is shown that there is a usage relationship only between them. In this case, the authentication information (password) is set in each DB card corresponding to a terminal that can be shared and used by a plurality of users, corresponding to each user that can share the usage.
[0010]
FIG. 3 is a diagram conceptually showing security management in this embodiment. That is, as security management in this embodiment, (A) ... security management for the DB card, (B) ... security management by password authentication, (C) ... security management by the suspend / resume function. .
First, (A)... Security management for a DB card will be described.
In this embodiment, when the mobile terminal device 2 accesses an arbitrary DB card, or when the DB card 3 is accessed by an arbitrary terminal device, the hardware identification numbers respectively stored in the terminal and the card A check process is performed to collate each other (which will be described in detail later) and determine whether or not the card itself can be accessed based on the collation result. This check process is started by starting up the basic software stored in the card when the terminal is turned on.
Here, the “hardware identification number” is written in advance in the mobile terminal device 2 or the DB card 3 in order to associate the mobile terminal device 2 with the DB card 3. That is, when the server apparatus 1 pre-sets the contents to be written into the mobile terminal device 2 or the DB card 3, the “hardware identification number” is one of the mobile terminal devices 2 belonging to the same group. The server device 1 is generated in accordance with unique terminal identification information (manufacturing number) read from one terminal, and the server device 1 is stored in each group-compatible mobile terminal device 2 and each DB card 3 used in those terminals. Write the hardware identification number. Therefore, the same hardware identification number is written as common access restriction information in each mobile terminal device 2 and each DB card 3 belonging to the same group.
[0011]
Next, (B)... Security management by password authentication will be described. In this embodiment, when access to the card itself is permitted as a result of the above-described DB card security check, a check process is performed to verify whether the operator is a valid operator based on the input user authentication information (password). I am doing so. In this case, a multiple encrypted password is used for verification. That is, the multiple encryption password is a double encryption password obtained by encrypting the input password twice by a predetermined method, and a specific description of how to encrypt will be described in detail later. In this embodiment, the contents of the multi-encrypted password are not always kept the same, and the contents are changed every time data is written to the card. The multi-encrypted password is written in the DB card 3 as user-specific authentication information. In this case, when there are a plurality of users who are granted access authority to the terminal, the multiple encryption password is written for each user.
Further, when the user password is input when the DB card 3 is used, if the wrong password is repeatedly input repeatedly several times, the number of repeated inputs is set to a preset limit value ( If it is determined that the viewer inactivity setting count (to be described later) has been reached, the search viewer (initial screen display such as a prompt to enter the password) is deactivated, and the password input is not accepted. Security processing is also performed.
[0012]
Further, (C)... Security management by the suspend / resume function will be described.
Each mobile terminal device 2 has a suspend / resume function, and monitors an idling state in which no input operation is performed for a certain period of time. If no input operation is performed for a certain period of time, in order to save battery and protect security, After the current state is saved and stored, the power is turned off to enter the suspend state. However, the resume function is activated by a subsequent input operation, and the original state is restored under certain conditions. As a condition in this case, instead of returning to the suspend screen, for example, the application screen as it is, the search viewer is activated to display the password input screen, and the user is prompted to input the password again to be a valid user. After confirming this, the original state, for example, the application screen at the time of suspension is restored. In other words, in this embodiment, a fixed condition is added to resume resume for security measures, and the original state at the time of suspension is restored only when the condition is satisfied.
[0013]
FIG. 4A shows a setting table 11 provided on the server device 1 side. The setting table 11 sets various contents for the server device 1 to write in the DB card 3 or the portable terminal device 2 in advance. In this embodiment, writing to the DB card 3 is performed in the portable terminal device 2. The server apparatus 1 does not perform the process itself but performs the process in a batch.
The setting table 11 is configured to have various setting areas for each terminal group such as the group “Sales Section 1”, “Sales Section 2”, “Project A”, “Project B”,. It should be noted that the person who can perform the table setting is an administrator with special authority, but an administrator may be specified for each terminal group. In this case, the group manager has the authority to set only his / her group and, of course, browsing the setting contents of other groups is prohibited.
The contents set in the setting area for each group are written in each mobile terminal device 2 and each DB card 3 corresponding to the group. FIG. 4A illustrates a case in which “sales department 1”, “sales department 2”, and “sales department 1” are illustrated as terminal groups.
First, in the setting area corresponding to each group, in addition to the “group name”, the “hardware identification number” described above, the total “set number” of terminals belonging to the same group, use the terminal within the same group. The total number of “users” of users who have the authority to perform each is set.
[0014]
Furthermore, the “viewer inactivation setting number (N)” set for each group is a group for inactivating the search viewer after that when the wrong password is repeatedly input several times. The number of times is set arbitrarily for each time.
Further, “user name (1)”, “encrypted password”, “user name (2)”,... Are set in association with each user having the authority to use. In addition, “BD file name” to be written and “corresponding AP (application)” associated therewith are set. As shown in FIG. 4B, the “DB file name” is a DB file required according to the business contents of the group among a plurality of master DB files 12 stored and managed on the server device side. "Applicable AP" is application software for processing a BD file, and the display format of the basic AP 13 (see FIG. 4C) corresponding to the master DB is modified according to the BD file. It has been changed.
[0015]
On the other hand, in the setting table 11, “basic software” is set in an area different from the group-corresponding setting area as a common writing target written to each DB card in common with each group. Here, “basic software” includes “search viewer”, “encryption / decryption algorithm”, and “operation control management file”.
“Basic software” is basic software for executing and controlling basic operations of the mobile terminal device, and “Search viewer” is software for displaying an initial screen (login input screen) according to the operation of the basic software. . The “encryption / decryption algorithm” is for executing password encryption / decryption processing, and the “operation control management file” stores basic management information for operation control of the DB-compatible customized AP. It is a file that has been. This “operation control management file” is normally written in the card. However, in this embodiment, when the wrong password is repeatedly input several times, the search viewer is disabled thereafter. Therefore, the “operation control management file” is deleted, and when the search viewer is started, the mobile terminal device displays the login input screen on the condition that this “operation control management file” exists in the DB card. Is displayed.
[0016]
FIG. 5 shows the contents written in each DB card 3 by the server device. That is, the “hardware identification number”, “basic software”, “search viewer”, “encryption / decryption algorithm”, “operation control management file”, and “viewer inactive setting count” are written in the DB card. Yes. Further, “user name (1)”, “multi-encrypted password + time variable key”, “user name (2)”, etc. are written corresponding to each user who can use the DB card, “DB file” and “corresponding AP” are written.
[0017]
FIG. 6 shows the contents written in the built-in memory of each mobile terminal device 2. This built-in memory is provided with flash ROM and RAM as shown in the figure. The ROM and RAM have a minimum memory capacity in consideration of security measures. That is, in this embodiment, as described above, the storage location of the application, database, basic software, etc. is not distributed to the mobile terminal device 2 and the DB card 3, but the basic software, in addition to the application, database, is stored in the DB card 3. The risk due to loss or theft of the mobile terminal itself can be eliminated.
Here, the above-described “hardware identification number” is fixedly stored in the flash ROM in the terminal by the writing operation of the server device 1. The RAM which is a temporary storage memory has a “key / data input area”, a “record area”, and “other work areas”. Note that the “record area” is configured to temporarily store the minimum necessary data, that is, the data for one record as the current part currently being processed in order not to leave data in the terminal. In addition, in the RAM whose stored contents are always guaranteed by the power backup, the save data input area in which the current state is saved at the time of suspend and the suspend F (flag) indicating that the suspend is in progress are set. A flag area is provided. Although not shown, the internal memory of each mobile terminal device 2 also stores the serial number unique to the terminal where it is manufactured.
[0018]
FIG. 7 is a block diagram showing the overall configuration of the server device 1 and the mobile terminal device 2.
Here, basically the same constituent elements of the server apparatus 1 and the mobile terminal apparatus 2 are given the same reference numerals for the sake of explanation, but the constituent elements of the server apparatus 1 and the mobile terminal apparatus 2 are identified. Therefore, “A” is attached to the components of the server device 1 in the figure, and only the configuration of the mobile terminal device 2 will be described below, and the description of the server device 1 will be omitted.
The CPU 21 is a central processing unit that controls the overall operation of the portable terminal device 2 according to the operating system and various application software in the storage device 22. The storage device 22 stores an operating system and various application software, a database, character fonts, and the like, and includes a recording medium 23 configured by a magnetic, optical, semiconductor memory, and the like and a drive system thereof. The recording medium 23 is a fixed medium such as a hard disk or a portable medium such as a detachable CD-ROM, floppy disk, RAM card, magnetic card or the like. Further, the program and data in the recording medium 23 are loaded into a RAM (for example, static RAM) 24 under the control of the CPU 21 as necessary, and the data in the RAM 24 is saved in the recording medium 23. Further, the recording medium may be provided on the external device side such as a server, and the CPU 21 can directly access and use the program / data in the recording medium via the transmission medium.
Further, the CPU 21 can capture a part or all of the data stored in the recording medium 23 from another device via the transmission medium, and can newly register or additionally register it in the recording medium 23. That is, the transmission control unit 25 receives a program / data transmitted from another device constituting the computer communication system via a wired transmission line such as a communication line or cable or a wireless transmission line such as radio waves, microwaves, and infrared rays. And can be installed in the recording medium 23. Further, the program / data may be stored and managed on the external device side such as a server, and the CPU 21 can directly access and use the program / data on the external device side via a transmission medium.
On the other hand, a transmission control unit 25, an input unit 26, and a display unit 27, which are input / output peripheral devices, are connected to the CPU 21 via a bus line, and the CPU 21 controls their operations according to an input / output program. The input unit 26 is an operation unit constituting a pointing device such as a keyboard, a touch panel, a mouse, or a touch input pen, and inputs character string data and various commands.
[0019]
Next, the operation of the security management system according to this embodiment will be described with reference to the flowcharts shown in FIGS. Here, a program for realizing each function described in these flowcharts is stored in the recording medium 23 (23A) in the form of a readable program code, and the CPU 21 (21A) includes the program code. Accordingly, the operations are sequentially performed. Further, the CPU 21 (21A) can sequentially execute the operation according to the above-described program code transmitted via the transmission medium. That is, in addition to the recording medium, an operation specific to this embodiment can be executed using a program / data supplied externally via a transmission medium.
[0020]
8 and 9 are flowcharts showing operations when the server apparatus 1 performs various settings on the setting table 11.
First, processing for setting and registering basic group information is performed (steps A1 to A9). Here, in a state where the operator can input, the “group name” for one group to be set this time is input and designated (step A1), and the terminal “set number” and the user “number of users” in the group are input. Perform (Step A2). Then, the specified number of portable terminal devices 2 and the DB cards 3 associated with the terminals are set in the server device 1 (step A3).
Then, the server device 1 selects and designates one of the terminals in the set same group, reads out the “manufacturing number” (step A4), and sets the “manufacturing number”. Based on this, a “hardware identification number” is generated (step A5), and a “hardware identification number” is written in each mobile terminal device 2 and DB card 3 corresponding to the set number (step A6).
In the next step A7, a process of registering the generated “hardware identification number” in the setting table 11 in addition to the “group name”, “set number”, “use number” input as described above is performed.
Then, when the operator inputs an arbitrary value as the number of viewer inactivations due to password mismatch (step A8), the inputted “viewer inactivation number” is registered in the setting table 11 (step A9).
[0021]
When the group basic information setting registration is completed in this way, the process proceeds to a process for setting and registering passwords for the number of users in the group (steps A10 to A14).
First, the operator inputs a user name (step A10) and inputs a password corresponding to the user (step A11). Then, the input password is encrypted using the password itself as a key (step A12). The input user name and encrypted password are registered in the setting table 11 (step A13). When the user registration for one person is completed, it is checked whether the user registration for the number of users is completed (step A14), and the above operation is repeated until the setting for all users is completed.
[0022]
When the user registration is completed, the process proceeds to a process for setting and registering the database and the corresponding application software (steps A15 to A17 in FIG. 9). First, when the operator designates and inputs a “DB file name” to be written in the DB card (step A15), this “DB file name” is registered in the setting table 11 (step A16), and the DB registered and registered this time. The AP software is registered in the setting table 11 in association with the file name (step A17).
Next, it is checked whether or not the setting registration for all groups has been completed (step A18). The process returns to step A1 until the end of all groups is determined, and the above operation is repeated for each group. Thereby, various contents shown in FIG. 4 are set and registered in the setting table 11 corresponding to each group. At that time, every time setting registration for one group is completed, the next group to be set is specified, and the portable terminal device 2 and the DB card 3 corresponding to the group are set in the server device 1. With this table setting, the “hardware identification number” is written in the mobile terminal device 2 and the DB card 3 respectively.
[0023]
FIG. 10 is a flowchart showing an operation when the server apparatus 1 writes and distributes a DB file, corresponding AP software, and the like on the DB card 3.
First, the operator sets the DB card 3 to be distributed on the server device 1 (step B1). Then, the “hardware identification number” is read from the card (step B2), and the setting table 11 is searched based on the hard identification number, and the corresponding group is specified (step B3).
Then, “basic software” as a common writing target written to each DB card in common with each group is read from the setting table 11 and written to the DB card (step B4). In this case, since the “basic software” includes “search viewer”, “encryption / decryption algorithm”, and “operation control management file”, writing including these is performed.
Next, the “viewer inoperative setting number (N)” corresponding to the specified group is read from the setting table 11 and written in the DB card (step B5).
[0024]
Further, the current system date and time is acquired and specified as a time variable key (step B6). Then, the corresponding “encrypted password” is read from the first user among the users of the specific group (step B 7), and this “encrypted password” is further encrypted using the above time variable as a key (step B 7). B8). A “time variable key” is added to the multiple encryption password generated in this way, and written together with the corresponding user name in the DB card (step B9).
Then, it is checked whether or not all the users in the specific group have been specified (step B10). The process returns to step B7 until all the users are specified, and the above-described operation is repeated for each user.
Thus, when the process of writing the multiple encryption password and the user name to the DB card for each user in the specific group is completed, the corresponding DB file is read based on the DB file name corresponding to the group (step B11), In addition to writing to the card (step B12), the AP software corresponding to the DB file is read and written to the card (step B13).
[0025]
FIG. 11 and FIG. 12 are flowcharts that start execution in response to power-on on the portable terminal device side.
First, when the DB card is set in the portable terminal device, when the power is turned on, “Suspend F” is read from the RAM, which is the built-in memory, to check whether it is set (Steps C1, C2). ). If it is assumed that “Suspend F” is not set, the process proceeds to Step C3, and the basic operation is started based on the basic software in the DB card. Then, the “hardware identification number” is read from the DB card (step C4) and collated with the “hardware identification number” in the terminal (step C5). As a result, if the two match (step C6), the terminal and the card are in a proper correspondence relationship, so that the search viewer is activated (step C9), but the terminal and the card are in a valid correspondence relationship. If not, a mismatch of the “hardware identification number” is determined. Therefore, after displaying a hard error (step C7), the power supply is forcibly turned off (step C8), and the error ends.
[0026]
FIG. 12 is a flowchart for explaining in detail the operation at the time of step C9 (search viewer activation) in FIG.
First, it is checked whether an “operation control management file” exists in the card (step D1). Here, as described above, when erroneous input of the password is repeated several times in succession, the “operation control management file” is deleted after that in order to deactivate the search viewer. . Therefore, the presence / absence of the “operation control management file” is checked, and if not, a non-operation message is displayed (step D10). Then, it is checked whether or not “suspend F” is set (step D11). Since “suspend F” is not set now, the power is forcibly turned off (step D13), and the process ends in an error. If “suspend F” is set, all data in each RAM including “suspend F” is deleted (step D12).
[0027]
On the other hand, if the “operation control management file” exists, the login input screen is displayed on the condition, and a message for prompting the user name and password is displayed (step D2). When the operator inputs his / her “user name” and “password” (step D3), the entered password is encrypted using the password itself as a key (step D4). Then, the “time variable key” added to the multiple encryption password corresponding to the “user name” in the DB card is read, and the input encryption password is further encrypted using the “time variable” as a key. Thus, a multiple encryption password is generated (step D5). The multi-encrypted password thus generated is collated with the multi-encrypted password read out from the DB card in correspondence with the “user name” (step D6).
[0028]
As a result, when a mismatch between the two is determined (step D7), the number of mismatches is updated, and the updated value and the “viewer inoperable set number (N)” set in advance for each group are displayed. Are compared and it is checked whether incorrect password input has been repeated N times in succession (step D8), and if it is less than N times, the screen returns to the login input screen (step D2), and re-input is accepted.
If it is determined that incorrect password input has been repeated N times in succession (step D8), the “operation control management file” is deleted (step D9), and a non-operation message is displayed (step D9). Step D10). Thereafter, as in the case described above, after checking “Suspend F”, the power is forcibly turned off and the process ends in an error.
[0029]
If the passwords match and it is determined that the operator is a legitimate operator before erroneous password input is repeated N times in succession (step D7), the "suspend F" check is performed again. (Step D14), because “Suspend F” is not set now, the process moves to Step D15, a menu screen of DB file names is displayed, and the operator selects a desired DB file name from this menu screen. When designated, the AP software corresponding to the selected DB file is activated (step D16), and application processing corresponding to the AP software is executed (step D17). In this case, while the application process is being executed, the idling state in which the input operation is not performed for a predetermined time is monitored by the suspend function (step D18), and when the idling state is detected, it is currently set in the temporary storage memory. The stored RAM data is transferred to and saved in the save RAM (step D19), and after "suspend F" is set (step D20), the power is forcibly turned off (step D21).
[0030]
If any input operation is performed after such suspending, the power is turned on, so that the flowchart of FIG. 11 starts to be executed. In this case, it is determined that “Suspend F” is present, the process proceeds to Step D9, and the search viewer is activated. In this case, before the resume process is performed, a message input prompting the user name and password is displayed by displaying the login input screen on condition that the “operation control management file” exists (step D2). If a password match is detected and it is determined that the operator is a valid operator (step D7), the resume function is activated on the condition that "suspend F" is set (step S7). D22). In this case, even if the user is different from the user at the time of suspension, if the user is registered in the card, the user is recognized as a valid operator and resumed. Here, when the operator is recognized as a valid operator, the saved data in the RAM is read in order to return to the suspended state as usual, instead of starting from the initial menu screen for DB selection. Return to the original application screen. Then, after “suspend F” is deleted (step D23), the process proceeds to application processing (step D17).
[0031]
As described above, in this embodiment, the server device 1 stores the DB card and the mobile terminal device that can access the DB card by using the “hardware identification number”, “user name”, and “password” in the setting table 11 in advance. And setting and registering the association between the DB card and the user who can use it, and at the time of the setting, the “hard identification number” is written in the DB card and the portable terminal device that can access it, and When writing the DB file to the DB card 3, since the user information of “user name” and “password” is also written together, the server device side can perform the association in a batch, The setting work can be performed efficiently, and the mobile terminal device itself has a mechanism for taking security measures for the card. Since it is not necessary also eliminated, nor that the settings are changed by a third party, and quite on the security measures effective.
[0032]
In this case, in the setting table 11, in addition to the association between the DB card and the mobile terminal and the association between the card and the user, the DB file name to be written is also set and registered. Correspondence of what kind of file is distributed to the user is clarified, and it is possible to effectively prevent a wrong setting. Here, when writing the DB file to the card, the DB file indicated by the file name is acquired and written, so that the file can be written reliably. Furthermore, if group information is set in the setting table 11, the association between the DB card and the mobile terminal and the association between the card and the user can be performed on a group basis.
[0033]
On the other hand, when accessing an arbitrary DB card, the “hardware identification number” in this card is checked against its own “hardware identification number”, and access to the card is permitted based on the result of the comparison. Since the security management is automatically executed just by attaching the DB card to the mobile terminal device, the user is completely aware of the security measures when using the DB card. There is no need to do so, and it is possible to realize reliable security management without impairing usability.
In this case, since the DB file containing important information is stored only in the DB card that can be separated from the mobile terminal, there is no security problem even if only the mobile terminal is lost or stolen. In addition, even if a DB card is lost or stolen, it has a mechanism that allows only authorized terminals to access the card. Is impossible, and its security is extremely high. In addition to checking the terminal that accesses the DB card, it is possible to check the user by collating the entered operator information with the user information written in the DB card. Can be realized.
[0034]
In the above-described embodiment, when various types of information are set in the setting table 11, the setting operation is performed according to a predetermined procedure. However, the order of setting is arbitrary. As long as the setting operation can be performed efficiently, various information may be set in an interactive format or in a table format.
In addition, as described above, the person who can set the table is an administrator with special authority, that is, a group manager or general manager. Alternatively, each user's password may be captured via the communication means.
[0035]
In addition, what information is used to generate the “hardware identification number” is arbitrary. For example, the “hardware identification number” is configured by “manufacturing company code” + “manufacturing number” of the mobile terminal device. May be. In addition to simply classifying a plurality of terminals, the terminal group can be set such that one terminal belongs to a plurality of groups. In the above-described embodiment, the compact flash card is exemplified as the DB card which is a portable storage medium. However, the PC card, the smart media, the CD (optical disc), the MO (magneto-optical disc), the FD (FD) Floppy disk) or the like, and the shape is not limited to the card type, but may be a cassette type, a stick type, or the like.
Furthermore, the portable terminal device may be an electronic notebook, a notebook computer, a PDA, a mobile phone, or the like.
[0036]
【The invention's effect】
According to the present invention, the server device performs association setting between a portable data storage medium and a portable terminal device that can access the portable data storage medium, and association setting between the data storage medium and a user who can use the data storage medium. In addition, the server device can perform the association in a lump, and the setting work can be efficiently performed, and the mobile terminal device itself has a mechanism for taking security measures for the data storage medium. In addition, it is possible to check not only whether a mobile terminal is a legitimate mobile terminal, but also whether it is a legitimate user. It is possible to reliably prevent unauthorized access by a third party, and to realize reliable security management that takes into account the characteristics of using it on the go. That.
[Brief description of the drawings]
FIG. 1 is a block diagram showing the overall configuration of a security management system.
FIG. 2 is a diagram for explaining a correspondence relationship between a mobile terminal device and a user as well as explaining a DB card 3 corresponding to a terminal group;
FIG. 3 is a diagram conceptually showing types of security management.
4A is a diagram showing a configuration of a setting table 11 provided on the server device side and its setting contents, FIG. 4B is a diagram showing a master DB file 12, and FIG. The figure which showed basic AP13.
FIG. 5 is a view showing contents written in each DB card 3;
FIG. 6 is a view showing the contents written in the built-in memory of each mobile terminal device 2;
FIG. 7 is a block diagram showing the overall configuration of the server device 1 and the mobile terminal device 2;
FIG. 8 is a flowchart showing an operation when the server apparatus 1 performs setting on the setting table 11;
FIG. 9 is a flowchart showing a setting operation following FIG. 8;
FIG. 10 is a flowchart showing an operation when the server device 1 writes and distributes a master DB, a customized AP, and the like to the DB card 3;
FIG. 11 is a flowchart that starts execution in response to power-on on the mobile terminal device 2 side.
12 is a flowchart for explaining in detail the operation at the time of step C9 (search viewer activation) in FIG. 11;
[Explanation of symbols]
1 server device 2 portable terminal device 3 DB card 11 setting table 12 master DB file 13 DB-compatible basic AP
21, 21A CPU
22, 22A Storage device 23, 23A Recording medium 25, 25A Transmission control unit 26, 26A Input unit 27, 27A Display unit

Claims (4)

A security management system comprising a portable terminal device and a server device that writes and distributes a data file on a portable data storage medium used by the portable terminal device,
Server device
Hardware identification information setting means for setting in the server device hardware identification information that associates the data storage medium with the portable terminal device in advance;
Authentication information setting means for setting authentication information for associating a data storage medium with a user who can use the data storage medium in the server device ;
Writing means for writing the hardware identification information and the authentication information associated with the data storage medium to the data storage medium when writing the data file to the data storage medium;
The mobile terminal device
When accessing the data storage medium, the hardware identification information stored in the data storage medium is read, and based on the hardware identification information, the mobile terminal device checks whether access to the data storage medium is permitted Means,
In the case of a legitimate portable terminal device that is permitted to access the data storage medium, means for checking whether the operator is a legitimate user indicated by the authentication information in the data storage medium;
Having access to a data file in the data storage medium when the user is a valid user;
Security management system. The server device has means for setting a data file name to be distributed to be written to the data storage medium in the server device, and the writing device uses the data file name when writing the data file to the data storage medium. The security management system according to claim 1, wherein the data file indicated is acquired and written. In the server device, the hardware identification information setting means sets common hardware identification information that associates a plurality of data storage media belonging to the same group and a plurality of portable terminal devices in the server device, and the authentication information setting means includes: Common authentication information for associating a plurality of data storage media belonging to the same group and a plurality of users who can use them is set in the server device, and the writing means is associated with the data storage media 2. The security management system according to claim 1, wherein the common hardware identification information and the common authentication information are written in the data storage medium. A security management system comprising a portable terminal device and a server device that writes and distributes a data file on a portable data storage medium used by the portable terminal device,
Hardware identification information setting means for setting in the server device hardware identification information for associating a data storage medium and a portable terminal device in advance with the computer of the server device ;
Authentication information setting means for setting in the server device authentication information for associating a data storage medium with a user who can use the data storage medium,
A computer-readable recording medium storing a program for causing the hardware identification information and the authentication information associated with the data storage medium to function as writing means for writing the data file to the data storage medium. When a computer of the portable terminal device accesses the data storage medium, the hardware identification information stored in the data storage medium is read, and the portable terminal device stores the data based on the hardware identification information. Means for checking whether access to the storage medium is permitted,
Means for checking whether the operator is a legitimate user indicated by the authentication information in the data storage medium, if the legitimate portable terminal device is permitted to access the data storage medium;
A computer-readable recording medium on which a program for allowing a user to function as a means for permitting access to a data file in the data storage medium when the user is a valid user is recorded.

Images